Solved

Access to WinXP Pro with terminal client through di604 firewall

Posted on 2004-10-08
18
235 Views
Last Modified: 2013-11-21
I am trying to remote access to my computer from outside my home.  Everytime I do I get a "Network is busy" error message.  I have tried everything I can think of.  I am set up as

a) disabled my firewall (zonealarm), win xp firewall is disabled
b) enabled remote access on win xp
c) I have dlink di604 router
d) I have 3 computers on my network, one WAN IP for all 3
e) I have setup dlink di604 to allow terminal client and winxp remote access to go through.  Virtual servers have been setup for private IP:  [my wan ip] through private and public port 3389 and the same setup for private IP:  [my lan ip]  192.168.0.1

I'm still getting errors to get through.  Can anyone help?  and if I want to remotely access TWO seperate computers on my home network, how do I do this
0
Comment
Question by:blaster998
  • 11
  • 4
  • 3
18 Comments
 
LVL 1

Expert Comment

by:jacksonps4
ID: 12264507
If you have only one WAN IP, you need to use PAT (port address translation) to access multiple machines.  So if you wanted to access remote desktop (terminal services) on two machines, you could configure as follows: if your WAN IP was 10.0.0.1 and your internal IPs were 192.168.0.1 and 192.168.0.2, you could configure your router to forward any requests received on the public IP port 3389 to go to the first host on port 3389.  You could also configure any requests received on 4389 to go to the second host on 3389.  Hence, the router translates addresses as follows:
10.0.0.1:3389 -> 192.168.0.1:3389
10.0.0.1:4389 -> 192.168.0.2:3389

Hence by mapping different ports on the external IP to different IP addresses on the internal network, you can access multiple hosts.

The "network is busy" error message is likely due to a router misconfiguration.
0
 

Expert Comment

by:gunite
ID: 12264768
Can you connect using VNC ? It's free and it'd be worth a test. The Network Busy answer sounds like the service doesn't want to answer.
0
 

Author Comment

by:blaster998
ID: 12264798
Both of my computers seem to be 192.168.0.1.    I am looking at the internet, the dlink configuration manual and the dlink admin and I don't see any PAT setup...although I do see some references to it on the internet.

My wan IP is 68.144.44.225...nothing like the 10.0.0.1 you mentioned.  Am I reading this correctly?  Can anyone give me specific directions on how to configure my setup so that it works?
0
 

Author Comment

by:blaster998
ID: 12264950
That was wrong.  One of my lan ip's is 192.168.100 and the other 192.168.102.

Is there some kind of MS wizard to make this work??  I have spent 8 hours trying to configure this for remote access and nothing seems to work.  Am I the only one having a nightmare trying to fix this?

I have a total of 3 computers behind a DI-604 dlink router.  One computer is win xp pro and the other is xp home.  Those are the only 2 I care about.

This should be fairly straight forward, right?  right?  Is there a way to test the remote access from my own computer?  Or do I need a remote computer to test the remote access.

I have never been able to make the home network option work either.  I can never see the files.  It keeps telling me that I am not allowed to see these files.

Someone please help!!!
0
 

Expert Comment

by:gunite
ID: 12264971
do you have a static IP Address on the internet?
0
 

Author Comment

by:blaster998
ID: 12265034
I assume that its dynamic because my internet provider is cable high speed.
0
 

Author Comment

by:blaster998
ID: 12265037
I tried VNC but there are about 8 sections to this program to try to learn and I just don't have the time to figure out a new program.
0
 
LVL 1

Expert Comment

by:jacksonps4
ID: 12265673
If you go to
http://support.dlink.com/SupportFAQ/

and enter your router model, there is a FAQ section which goes through how to publish services to the Internet.  If you drill down the tree on the left side to
Open Ports / Applications -> General -> Open a range of ports

This tells you how to publish a service on any given computer so that it can be accessed using your public IP.

So to publish remote desktop from two PCs, if their IPs are 192.168.0.101 and 192.168.0.102, you need to set up two rules.  The source port on your WAN IP (68.144.44.225) could be 3389 for one and 4389 for the other but this choice is up to you.  Then set the destination IP of each rule to the LAN IP of the hosts you want to publish remote desktop for.

Hence
Rule 1: 68.144.44.225:3389 -> 192.168.0.101:3389

Rule 2: 68.144.44.225:4389 -> 192.168.0.102:3389

Then you would connect to one host from outside your LAN by making a remote desktop connection to 68.144.44.225.  To connect to the other, you must specify the IP and port, thus 68.144.44.225:4389 as 4389 is not the default port for remote desktop.

HTH
0
 

Expert Comment

by:gunite
ID: 12266257
If it is not a static address then it is likely when you are trying to access your local network from outside your network it does not have a statically defined route to your router. You need to have a static address that the ISP will always know you by to set this up to work.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:blaster998
ID: 12267408
I think I'm missing part of the logic to this.

I have set up 2 virtual servers, one for each computer ....the purpose I think is to define what the private/public port will be.  I have defined one as 3389 and the other as 4389.

Then I set up a firewall rule which allows internect connections to connect to each of the computers.  For "source", it would logically be "*" which is any computer on the internet that I am on.  Destination I have "LAN" and the LAN IP which is 192.168.0.100 and a port range of 3389.  I defined a second firewall rule exactly the same except that the LAN IP is for the other computer with a port of 4389.

Jacksonps4 comment:  On the firewall configuration screen, there are no ports that I can define for the "source", only for the destination.  I am not given the room to nter "68.144.44.225:3389".  I cannot seem to line up your instructions with the DLink configuration.

Thanks to all for your continuing help!  Getting closer!
0
 
LVL 1

Accepted Solution

by:
jacksonps4 earned 250 total points
ID: 12267952
Your first rule sounds fine and should work.  Have you tried connecting from outside your LAN?

The purpose of the rules is to map ports on the external side of your router to particular services on machines on your internal LAN.  Hence you could choose to publish a web server (which runs on port 80 on machine 192.168.0.105)  to your public IP on port 80.  

However in this case you are trying to publish terminal services (remote desktop) from two machines.  Terminal services by default runs on port 3389 and so to publish these services to your public IP, you must map a port from the external side of your router (your public IP) to the appropriate port of a machine on your internal LAN.  Because you have only one public IP, you cannot publish multiple servers to the same port on your public IP.  Hence the reason I suggested you use port 4389 for the second machine.

So your rules should be as follows for your two virtual servers:
Rule 1:
Name: RDP server 1
Private IP: 192.168.0.100
Protocol type: TCP
Private port: 3389
Public port: 3389

Rule 2:
Name: RDP server 2
Private IP: 192.168.0.102
Protocol type: TCP
Private port: 3389
Public port: 4389

Hence to connect to server 1 (192.168.0.100) from the Internet, connect using remote desktop client to [your public IP]:3389.  You do not need to specify the port (:3389) because 3389 is the default port for remote desktop.

To connect to server 2 (192.168.0.102) from the Internet, connect using remote desktop client to [your public IP]:4389.  In this case you must specify the port as you are not using the default port.

See this article for details:
http://support.dlink.com/faq/view.asp?prod_id=1005

HTH
0
 

Author Comment

by:blaster998
ID: 12271880
Hi JacksonPS4
Thanks!  Worked Now!!!

Thanks for the step by step approach to getting this working!
0
 

Author Comment

by:blaster998
ID: 12324554
Hi Jacksonps4,

Just a followup question.  I have set up the connections that you stated....but I am having trouble accessing my second computer at :4389

I've tried to make sure its an open port but it doesn't appear in my list when I use "netstats -an", even after I followed microsofts instructions for opening it.  Is there an easier way to use a port for this?  I have tried a number of other ports that appear on netstats but it just gives errors.

thanks,

RD
0
 

Author Comment

by:blaster998
ID: 12324583
It keeps telling me "the server name is invalid" when I try to use terminal client to access it.
0
 

Author Comment

by:blaster998
ID: 12324636
Am I supposed to open this port on the second machine which  I am trying to access?
0
 
LVL 1

Expert Comment

by:jacksonps4
ID: 12326614
Is remote desktop enabled on the second computer?  If you type "netstat -an" on the second computer, does :3389 appear?

The reason :4389 will not appear when you type netstat is because the computer is not supposed to listen on this port.  The router should be configured to forward any connections from port 4389 on its external interface to port 3389 on the internal address of the second computer (192.168.0.102).  Hence port 4389 is a sort of "virtual port" that only the router knows about.  You could choose another port instead because as this is a virtual port, it could set to anything (e.g. 5000, 6500 or anything else).

Check that the internal IP of the second computer is correct and that remote desktop is enabled and allowed to pass through any firewall software on the machine.
0
 

Author Comment

by:blaster998
ID: 12327398
The second computer is Windows XP Home which does not have "remote access" on it but I should still be able to use Terminal Client to get in (I think).  I have not yet tried netstats on it...but I would like to confirm that the settings above for the DI604 router are definitely correct, right?

IP of main computer is 192.168.0.102 (I can access this one fine).  IP of the second computer that I cannot access is  192.168.0.100.
0
 

Author Comment

by:blaster998
ID: 12340818
When I do "netstat - na", Port 3389 does NOT appear.  Do I need to open this?  I also went to the firewall and enabled the remote desktop option here.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
Even if you have implemented a Mobile Device Management solution company wide, it is a good idea to make sure you are taking into account all of the major risks to your electronic protected health information (ePHI).
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now